Hi, I'm pretty new to this, but I've got a problem. Last night, a SPAMer was able to relay 250 mail messages through my server and I can't figure out how they did it.
Here's my configuration: Fedora Core 2 - kernel-2.6.10-1.771_FC2 apache - httpd-2.0.51-2.9 mailman-2.1.5-10.fc2 sendmail-8.12.11-4.6 Here's what I know... My sendmail is configured in a way to only allow relaying from IP addresses within my network (the 192.168.blah.blah range). I believe this is configured correctly because I get "RELAYING DENIED" messages all the time from SPAMers trying to relay through my server. The only reason I know about the attempt is because I received over 100 bounced messages to "[EMAIL PROTECTED]" from the target of the attack. The bounced messages all contained the original message (which came from [EMAIL PROTECTED]). My /etc/log/maillog file shows all 250 sendmails being relayed (here's just one): maillog:May 14 21:02:52 nameofmyserver sendmail[14830]: j4F32px8014830: from=<[EMAIL PROTECTED]>, size=2408, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, bodytype=7BIT, proto=ESMTP, daemon=MTA, relay=mail.popcap.com [69.25.140.155] My mailman settings don't allow anyone from any groups to send mass-mailings without approval. (I verified this all this morning.) So, I guess I have two questions: 1) How did they do it? (and more importantly) 2) How do I stop it? Thank you all for your time! Jon -- Jon D Slater Colorado Tech Support p: 970.988.7246 P.O. Box 143 f: 970.674.8060 Windsor, Colorado www.ColoTechSupport.Com 80550 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp